Maintainer name: Pavel Zilke (zidex)
Last changes

Mar 26, 2024, 05:30 PM


Summary: IT Operations Portal
- New version
- Security fixes:
 + CVE-2023-48710 : Restrict pages/exec.php to PHP files
 + CVE-2023-48709 : Fix CSV injection in Excel from an iTop CSV export file
 + CVE-2023-46734 : Fix potential XSS vulnerabilities in TWIG CodeExtension filters
 + CVE-2023-47123 : Fix XSS vulnerability in n:n relations "tagset" widget
 + CVE-2023-47622 : Fix XSS vulnerabilities in ajax operations
 + CVE-2023-47626 : Fix XSS vulnerabilities in authent token
 + CVE-2023-44396 : Fix XSS vulnerabilities in dashlet ajax operations
 + CVE-2023-43790 : Fix XSS vulnerabilities in friendlyname in object details
 + CVE-2023-38511 : Fix dashboard allowing to load multiple files and URLs
 + CVE-2023-45808 : Fix object creation in non-allowed org by forging HTTP query in both Console and Portal
Aug 23, 2023, 03:10 PM


Version: 9.5.13-alt1
Summary: IT and asset management software
- New version 9.5.13
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
 + CVE-2023-28632 : Account takeover by authenticated user
 + CVE-2023-28838 : SQL injection through dynamic reports
 + CVE-2023-28852 : Stored XSS through dashboard administration
 + CVE-2023-28636 : Stored XSS on external links
 + CVE-2023-28639 : Reflected XSS in search pages
 + CVE-2023-28634 : Privilege Escalation from technician to super-admin
 + CVE-2023-28633 : Blind Server-Side Request Forgery (SSRF) in RSS feeds
Dec 11, 2020, 07:52 PM


Version: 2.8.1-alt1
Summary: Hardware and software inventory tool (Agent)
- New version.
Jun 30, 2018, 01:33 AM


Version: 1.0002-alt3
Summary: XML::Entities - Decode strings with XML entities
- fixed unpackaged files